Merge pull request eclipse-openj9#1251 from Sreekala-Gopakumar/1244CR…

…IUSecPrvd

New -XX:[+|-]CRIUSecProvider option for CRIU

docs/criusupport.md

@@ -32,7 +32,9 @@
 
 In OpenJ9, the CRIU support includes an API that you can use to stop the VM at a checkpoint, save its state, and then run the VM from the point where it was stopped. The period of time between when the VM starts and when the application takes a checkpoint is referred to as the *checkpoint phase*. The application writes the VM state that was saved at the checkpoint to one or more image files. The saved state includes memory pages, methods, file systems, processes, and network connections. You can restore the VM from these files multiple times from the same point and in multiple environments.
 
-Because the checkpoint image files have the live state of the VM that is used to restore the VM in different systems, they should not contain cryptographically-sensitive security data. If the image files contain sensitive security data, the security components are vulnerable to exploitation even if you don't move the image files between systems. The CRIU technical preview introduces the `CRIUSECProvider` security provider, which provides the following limited set of security services: `MessageDigest` and `SecureRandom`. When you enable CRIU support, all existing security providers are removed from the security provider list during the checkpoint phase and `CRIUSECProvider` is added. When you restore the VM in the nonportable restore mode ([`-XX:+CRIURestoreNonPortableMode`](xxcriurestorenonportablemode.md)), `CRIUSECProvider` is removed from the security provider list and the previous security providers are added back again.
+Because the checkpoint image files have the live state of the VM that is used to restore the VM in different systems, they should not contain cryptographically-sensitive security data. If the image files contain sensitive security data, the security components are vulnerable to exploitation even if you don't move the image files between systems. The CRIU technical preview introduces the `CRIUSECProvider` security provider, which provides the following limited set of security services: `MessageDigest` and `SecureRandom`. When you enable CRIU support, all existing security providers are removed from the security provider list during the checkpoint phase, by default and `CRIUSECProvider` is added. When you restore the VM in the nonportable restore mode ([`-XX:+CRIURestoreNonPortableMode`](xxcriurestorenonportablemode.md)), `CRIUSECProvider` is removed from the security provider list and the previous security providers are added back again.
+
+![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) You can disable `CRIUSECProvider` during the checkpoint phase with the `-XX:-CRIUSecProvider` option. For more information, see [`-XX:[+|-]CRIUSecProvider`](xxcriusecprovider.md). ![End of content that applies to Java 11 (LTS) and later](cr/java_close.png)
 
 When the VM starts from the saved point instead of the beginning, the VM startup time improves.
 

docs/version0.42.md

@@ -29,6 +29,7 @@ The following new features and notable changes since version 0.41.0 are included
 - ![Start of content that applies to Java 21 (LTS) and later](cr/java21plus.png) [OpenJ9 `jextract` removed](#openj9-jextract-removed) ![End of content that applies to Java 21 (LTS) and later](cr/java_close_lts.png)
 - [Change in the `System.gc()` call behavior](#change-in-the-systemgc-call-behavior)
 - [New `-XX:[+|-]IProfileDuringStartupPhase` option added](#new-xx-iprofileduringstartupphase-option-added)
+- ![Start of content that applies to Java 21 (LTS)](cr/java21.png) [New `-XX:[+|-]CRIUSecProvider` option added](#new-xx-criusecprovider-option-added) ![End of content that applies to Java 21 (LTS)](cr/java_close_lts.png)
 - ![Start of content that applies to Java 21 (LTS) and later](cr/java21plus.png) [New JDK 21 features](#new-jdk-21-features) ![End of content that applies to Java 21 (LTS) and later](cr/java_close_lts.png)
 
 ## Features and changes
@@ -57,7 +58,15 @@ For more information, see [Garbage collection](gc_overview.md).
 
 The VM uses heuristics to decide whether to collect interpreter profiling information during the VM startup. You can overrule the heuristics and control the collection of the profiling information during the startup phase by using the [`-XX:[+|-]IProfileDuringStartupPhase`](xxiprofileduringstartupphase.md) option.
 
-### ![Start of content that applies to Java 21 plus](cr/java21plus.png) New JDK 21 features
+### ![Start of content that applies to Java 21 (LTS)](cr/java21.png) New `-XX:[+|-]CRIUSecProvider` option added
+
+When you enable CRIU support, all the existing security providers are removed from the security provider list during the checkpoint phase and `CRIUSECProvider` is added by default.
+
+You can now control the use of `CRIUSECProvider` during the checkpoint phase with the `-XX:[+|-]CRIUSecProvider` option. You can use all the existing security providers instead of the `CRIUSECProvider` by specifying the `-XX:-CRIUSecProvider` option.
+
+For more information, see [`-XX:[+|-]CRIUSecProvider`](xxcriusecprovider.md). ![End of content that applies to Java 21 (LTS)](cr/java_close_lts.png)
+
+### ![Start of content that applies to Java 21 (LTS) and later](cr/java21plus.png) New JDK 21 features
 
 The following features are supported by OpenJ9:
 

docs/version0.43.md

@@ -28,6 +28,7 @@ The following new features and notable changes since version 0.42.0 are included
 - [New binaries and changes to supported environments](#binaries-and-supported-environments)
 - [Compiler changes for Linux®](#compiler-changes-for-linux)
 - [Change in the large page memory allocation behavior](#change-in-the-large-page-memory-allocation-behavior)
+- ![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) [New `-XX:[+|-]CRIUSecProvider` option added](#new-xx-criusecprovider-option-added) ![End of content that applies to Java 11 (LTS) and later](cr/java_close.png)
 
 ## Features and changes
 
@@ -55,6 +56,14 @@ Now, if the configured large page size is greater than the size of the total cod
 
 For more information, see [`-Xlp:codecache`](xlpcodecache.md).
 
+### ![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) New `-XX:[+|-]CRIUSecProvider` option added
+
+When you enable CRIU support, all the existing security providers are removed from the security provider list during the checkpoint phase and `CRIUSECProvider` is added by default.
+
+You can now control the use of `CRIUSECProvider` during the checkpoint phase with the `-XX:[+|-]CRIUSecProvider` option. You can use all the existing security providers instead of the `CRIUSECProvider` by specifying the `-XX:-CRIUSecProvider` option.
+
+For more information, see [`-XX:[+|-]CRIUSecProvider`](xxcriusecprovider.md). ![End of content that applies to Java 11 (LTS) and later](cr/java_close.png)
+
 ## Known problems and full release information
 
 To see known problems and a complete list of changes between Eclipse OpenJ9 v0.42.0 and v0.43.0 releases, see the [Release notes](https://github.com/eclipse-openj9/openj9/blob/master/doc/release-notes/0.43/0.43.md).

docs/xxcriurestorenonportablemode.md

@@ -31,7 +31,7 @@ This option specifies whether the JIT and AOT compilers generate nonportable com
 
 - This option takes effect only when [`-XX:+EnableCRIUSupport`](xxenablecriusupport.md) is enabled.
 - When you disable this option,
-    - `CRIUSECProvider` is the only security provider in both checkpoint and restore.
+    - By default, `CRIUSECProvider` is the only security provider in both checkpoint and restore. ![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) But, if `CRIUSECProvider` is disabled with the [`-XX:-CRIUSecProvider`](xxcriusecprovider.md) option, then the existing security providers are used during the checkpoint phase and restore phase. You can use any algorithm in the existing providers. ![End of content that applies to Java 11 (LTS) and later](cr/java_close.png)
     - JITServer technology is disabled both before you take a checkpoint and after you restore the VM.
     - the VM generates only portable code, both before you take a checkpoint and after you restore the VM.
 
@@ -48,7 +48,7 @@ This option specifies whether the JIT and AOT compilers generate nonportable com
 
 ## Explanation
 
-The JIT compiler can exploit hardware features of the system on which it is running, to generate compiled code. That code might therefore fail if it is included in a checkpoint image that you later restore on a different system. For example, the compiled code might try to exploit a hardware feature that doesn't exist on the new machine, then fail. To avoid this problem, the JIT compiler by default generates code that exploits only basic hardware features, therefore portable to different systems.
+The JIT compiler can use hardware features of the system on which it is running to generate compiled code. That code might therefore fail if it is included in a checkpoint image that you later restore on a different system. For example, the compiled code might try to use a hardware feature that doesn't exist on the new machine, then fail. To avoid this problem, the JIT compiler by default generates code that uses only basic hardware features, therefore portable to different systems.
 
 The `-XX:+CRIURestoreNonPortableMode` option is set by default so that on restore the JIT compiler can start generating nonportable compiled code. Likewise, the VM can also load nonportable AOT code post-restore. Generating nonportable compiled code also means that no further checkpoints are permitted. Only a single checkpoint can be taken in the VM's lifetime.
 

docs/xxcriusecprovider.md

@@ -0,0 +1,50 @@
+<!--
+* Copyright (c) 2017, 2024 IBM Corp. and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which accompanies this distribution and is available at
+* https://www.eclipse.org/legal/epl-2.0/ or the Apache
+* License, Version 2.0 which accompanies this distribution and
+* is available at https://www.apache.org/licenses/LICENSE-2.0.
+*
+* This Source Code may also be made available under the
+* following Secondary Licenses when the conditions for such
+* availability set forth in the Eclipse Public License, v. 2.0
+* are satisfied: GNU General Public License, version 2 with
+* the GNU Classpath Exception [1] and GNU General Public
+* License, version 2 with the OpenJDK Assembly Exception [2].
+*
+* [1] https://www.gnu.org/software/classpath/license.html
+* [2] https://openjdk.org/legal/assembly-exception.html
+*
+* SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR GPL-2.0-only WITH OpenJDK-assembly-exception-1.0
+-->
+
+# -XX:[+|-]CRIUSecProvider
+
+**(Linux&reg; x86, Linux on POWER&reg; (Little Endian), Linux on AArch64, and Linux on IBM Z&reg; only)**
+
+![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) This option enables or disables the use of the `CRIUSECProvider` during the checkpoint phase.
+
+## Syntax
+
+        -XX:[+|-]CRIUSecProvider
+
+| Setting               | Effect  | Default                                                                            |
+|-----------------------|---------|:----------------------------------------------------------------------------------:|
+| `-XX:+CRIUSecProvider` |  Enable   |   :fontawesome-solid-check:{: .yes aria-hidden="true"}<span class="sr-only">yes</span>                                 |
+| `-XX:-CRIUSecProvider` |  Disable  |     |                                                 |
+
+
+## Explanation
+
+When you enable CRIU support (with the [`-XX:+EnableCRIUSupport`](xxenablecriusupport.md) option), all the existing security providers are removed from the security provider list during the checkpoint phase and `CRIUSECProvider` is added. `CRIUSECProvider` supports only a limited number of cryptography services and therefore, you can use only those security algorithms that are available in `CRIUSECProvider`.
+
+You can now choose to disable the use of `CRIUSECProvider` with the `-XX:-CRIUSecProvider` option and continue to use all the existing security providers during the checkpoint and restore phase. When you use the security algorithms of other security providers, you must have alternative approaches to protect your files, such as initialization before you take checkpoints with nonsensitive data. ![End of content that applies to Java 11 (LTS) and later](cr/java_close.png)
+
+## See also
+
+- [CRIU support](criusupport.md)
+
+<!-- ==== END OF TOPIC ==== xxcriusecprovider.md ==== -->

docs/xxenablecriusupport.md

@@ -30,7 +30,7 @@
  :fontawesome-solid-triangle-exclamation:{: .warn aria-hidden="true"} **Restrictions:** If CRIU support is enabled,
 
 - you cannot use a Java™ security manager. If you try to specify a Java security manager, for example by using the `-Djava.security.manager` system property on the Java command line or the `java.lang.System.setSecurityManager` method in your application, the VM throws the `java.lang.UnsupportedOperationException` error.
-- `CRIUSECProvider` is the only security provider that is available in the checkpoint phase until restore.
+- By default, `CRIUSECProvider` is the only security provider that is available in the checkpoint phase until restore. ![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) But, you can continue to use the existing security providers by disabling `CRIUSECProvider` with the [`-XX:-CRIUSecProvider`](xxcriusecprovider.md) option. ![End of content that applies to Java 11 (LTS) and later](cr/java_close.png)
 - JITServer is disabled in the checkpoint phase even if the server exists and you have specified the `-XX:+UseJITServer` option. When you specify the `-XX:+EnableCRIUSupport` and [`-XX:+CRIURestoreNonPortableMode`](xxcriurestorenonportablemode.md) options along with the [`-XX:+UseJITServer`](xxusejitserver.md) option, and the server exists, the VM enables the JITServer server automatically at the restore point. The VM client connects to a JITServer in the context of CRIU as outlined in the following table (where :fontawesome-solid-check:{: .yes aria-hidden="true"}<span class="sr-only">yes</span> means that the VM connects to a JITServer instance and :fontawesome-solid-xmark:{: .no aria-hidden="true"}<span class="sr-only">no</span> means that the VM does not connect to a JITServer instance):
 
 |                               | Nonportable mode (default) <br> Pre-checkpoint | Nonportable mode (default) <br> Post restore | Portable mode Pre-checkpoint | Portable mode Post restore|

mkdocs.yml

@@ -171,6 +171,7 @@ nav:
            - "-Xshareclasses:disableOnRestore"                                   : xshareclassesdisableonrestore.md
            - "-XX:CheckpointGCThreads"                                           : xxcheckpointgcthread.md
            - "-XX:[+|-]CRIURestoreNonPortableMode"                               : xxcriurestorenonportablemode.md
+           - "-XX:[+|-]CRIUSecProvider"                                          : xxcriusecprovider.md
            - "-XX:[+|-]EnableCRIUSupport"                                        : xxenablecriusupport.md
            - "-XX:[+|-]IgnoreUnrecognizedRestoreOptions"                         : xxignoreunrecognizedrestoreoptions.md